SlashDot

Ecommerce giant eBay has launched a previously announced service designed to combat the scourge of fake goods on the platform. From a report: eBay has proven popular with fake goods' sellers for some time, with fashion accessories and jewelry featuring highly on counterfeiters' agenda. The company announced eBay Authenticate way back in January with a broad focus on giving "high-end" goods an official stamp of approval prior to sale. Ultimately designed to encourage buyers to part with cash on expensive items, it uses a network of professional authenticators who take physical receipt of a seller's products, validates them, and then photographs, lists, and ships the goods to the successful buyer. For today's launch of eBay Authenticate, the service is only available for luxury handbags from 12 brands, including Chanel, Gucci, Louis Vuitton, Prada, and Valentino, though the program will be expanded to cover other luxury goods and brands from next year. "With tens-of-thousands of high-end handbags currently available, eBay is primed to boost customer confidence in selling and shopping for an amazing selection of designer merchandise," noted Laura Chambers, vice president of consumer selling at eBay. "We also believe our sellers will love this service, as it provides them with a white-glove service when selling luxury handbags."

Readers share a report: In the event of a dirty bomb or a nuclear meltdown, emergency responders can safely tolerate radiation levels equivalent to thousands of chest X-rays, the Environmental Protection Agency said in new guidelines that ease off on established safety levels. The EPA's determination sets a level ten times the drinking water standard for radiation recommended under President Barack Obama. It could lead to the administration of President Donald Trump weakening radiation safety levels, watchdog groups critical of the move say. "It's really a huge amount of radiation they are saying is safe," said Daniel Hirsch, the retired director of the University of California, Santa Cruz's program on environmental and nuclear policy. "The position taken could readily unravel all radiation protection rules." The change was included as part of EPA "guidance" on messaging and communications in the event of a nuclear power plant meltdown or dirty bomb attack. The FAQ document, dated September 2017, is part of a broader planning document for nuclear emergencies, and does not carry the weight of federal standards or law.

Google is rolling out a trio of important changes to Chrome for Windows users. From a report: At the heart of these changes is Chrome Cleanup. This feature detects unwanted software that might be bundled with downloads, and provides help with removing it. Google's Philippe Rivard explains that Chrome now has built-in hijack detection which should be able to detect when user settings are changes without consent. This is a setting that has already rolled out to users, and Google says that millions of users have already been protected against unwanted setting changes such as having their search engine altered. But it's the Chrome Cleanup tool that Google is particularly keen to highlight. A redesigned interface makes it easier to use and to see what unwanted software has been detected and singled out for removal.

It's autumn. Somebody tell the trees. From a report: Ordinarily, two signals alert deciduous trees that it's time to relinquish the green hues of summer in favor of autumn's yellows, oranges and reds. First, the days begin to grow shorter. Second, the temperature begins to drop. But this year, unseasonably warm weather across most of the U.S. has tricked trees into delaying the onset of fall's color extravaganza. Temperatures in the eastern half of the country have been as much as 15 degrees above normal since mid-September, and the warmth is expected to persist through the end of October. The unfortunate result for leaf peepers is a lackluster fall. Two kinds of pigments produce the season's liveliest foliage. Carotenoid, responsible for yellows and oranges, is always present in leaves but is usually masked by chlorophyll. The initial trigger for its appearance is shorter days. Anthocyanin, responsible for reds and deep purples, is different. Not all deciduous trees have this pigment, and those that do manufacture it from scratch in the fall. The primary trigger for its appearance is lower temperatures. Without that cooling cue, the colors of maple and other species that generally ignite New England with brilliant reds this time of year are likely to fizzle.

Slovak and Czech researchers have found a vulnerability that leaves government and corporate encryption cards vulnerable to hackers to impersonate key owners, inject malicious code into digitally signed software, and decrypt sensitive data, reports ArsTechnica. From the report: The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest. The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.

For the first time, scientists have caught two neutron stars in the act of colliding, revealing that these strange smash-ups are the source of heavy elements such as gold and platinum. From a report: The discovery, announced today at a news conference and in scientific reports written by some 3,500 researchers, solves a long-standing mystery about the origin of these heavy elements -- which are found in everything from wedding rings to cellphones to nuclear weapons. It's also a dramatic demonstration of how astrophysics is being transformed by humanity's newfound ability to detect gravitational waves, ripples in the fabric of space-time that are created when massive objects spin around each other and finally collide. "It's so beautiful. It's so beautiful it makes me want to cry. It's the fulfillment of dozens, hundreds, thousands of people's efforts, but it's also the fulfillment of an idea suddenly becoming real," says Peter Saulson of Syracuse University, who has spent more than three decades working on the detection of gravitational waves. Albert Einstein predicted the existence of these ripples more than a century ago, but scientists didn't manage to detect them until 2015. Until now, they'd made only four such detections, and each time the distortions in space-time were caused by the collision of two black holes. That bizarre phenomenon, however, can't normally be seen by telescopes that look for light. Neutron stars, by contrast, spew out visible cosmic fireworks when they come together. These incredibly dense stars are as small as cities like New York and yet have more mass than our sun. Further reading: 'A New Rosetta Stone for Astronomy' (The Atlantic), and Gravitational Wave Astronomers Hit Mother Lode (Scientific American).

Microsoft says it has already fixed the problem for customers running supported versions of Windows. From a report: "We have released a security update to address this issue," says a Microsoft spokesperson in a statement to The Verge. "Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected." Microsoft is planning to publish details of the update later today. While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices "in the coming weeks." Google's own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an "exceptionally devastating" variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.

mirandakatz writes: As voice assistants crop up left and right, consumers are facing a decision: Are you an Alexa? A Google Assistant? A Siri? Choose wisely -- because once you pick one voice assistant, it'll be difficult to switch. As Scott Rosenberg writes at Backchannel, "If I want to switch assistants down the line, sure, I can just go out and buy another device. But that investment of time and personal data isn't so easy to replace... Right now, all these assistants behave like selfish employees who think they can protect their jobs by holding vital expertise or passwords close to their chests. Eventually , the data that runs the voice assistant business is going to have to be standardized."

The U.S. Supreme Court on Monday agreed to resolve a major privacy dispute between the Justice Department and Microsoft Corp over whether prosecutors should get access to emails stored on company servers overseas. From a report: The justices will hear the Trump administration's appeal of a lower court's ruling last year preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin, Ireland in a drug trafficking investigation. That decision by the New York-based 2nd U.S. Court of Appeals marked a victory for privacy advocates and technology companies that increasingly offer cloud computing services in which data is stored remotely. Microsoft, which has 100 data centers in 40 countries, was the first U.S. company to challenge a domestic search warrant seeking data held outside the country. There have been several similar challenges, most brought by Google.

A security protocol at the heart of most modern Wi-Fi devices, including computers, phones, and routers, has been broken, putting almost every wireless-enabled device at risk of attack. From a report: The bug, known as "KRACK" for Key Reinstallation Attack, exposes a fundamental flaw in WPA2, a common protocol used in securing most modern wireless networks. Mathy Vanhoef, a computer security academic, who found the flaw, said the weakness lies in the protocol's four-way handshake, which securely allows new devices with a pre-shared password to join the network. That weakness can, at its worst, allow an attacker to decrypt network traffic from a WPA2-enabled device, hijack connections, and inject content into the traffic stream. In other words: hackers can eavesdrop on your network traffic. The bug represents a complete breakdown of the WPA2 protocol, for both personal and enterprise devices -- putting every supported device at risk. "If your device supports Wi-Fi, it is most likely affected," said Vanhoef, on his website. News of the vulnerability was later confirmed on Monday by US Homeland Security's cyber-emergency unit US-CERT, which about two months ago had confidentially warned vendors and experts of the bug, ZDNet has learned.

The new anti-cheating system installed in PlayerUnknown's Battlegrounds has been banning more than 6,000 suspected cheaters every day. An anonymous reader quotes PC Gamer:
That's according to BattlEye, which polices the game's servers. Its official account tweeted yesterday that between 6,000 and 13,000 players are getting their marching orders daily. On Saturday morning, it had cracked down on nearly 20,000 players within the previous 24-hour period... In total, the service has blocked 322,000 people, double the number that was reported by the game's creator Brendan Greene, aka PlayerUnknown, last month.
Yesterday the game had more than 2.2 million concurrent players.

First, here's the opinion of two former NSA cybersecurity analysts (via Consumer Reports):
"It's a big deal," says Blake Darche, a former NSA cybersecurity analyst and the founder of the cybersecurity firm Area 1. "For any consumers or small businesses that are concerned about privacy or have sensitive information, I wouldn't recommend running Kaspersky." By its very nature antivirus software is an appealing tool for hackers who want to access remote computers, security experts say. Such software is designed to scan a computer comprehensively as it searches for malware, then send regular reports back to a company server. "One of the things people don't realize, by installing that tool you give [the software manufacturer] the right to pull any information that might be interesting," says Chris O'Rourke, another former NSA cybersecurity expert who is the CEO of cybersecurity firm Soteria.
But for that reason, Bloomberg View columnist Leonid Bershidsky suggests any anti-virus software will be targetted by nation-state actors, and argues that for most users, "non-state criminal threats are worse. That's why Interpol this week signed a new information-sharing agreement with Kaspersky despite all the revelations in the U.S. media: The international police cooperation organization deals mainly with non-state actors, including profit-seeking hackers, rather than with the warring intelligence services."
And long-time Slashdot reader freddieb is a loyal Kaspersky user who is wondering what to do, calling the software "very effective and non-intrusive." And in addition, "Numerous recent hacks have gotten my data (Equifax, and others) so I expect I have nothing else to fear except ransomware."
Share your own informed opinions in the comments. Should users uninstall Kaspersky's antivirus software?

An anonymous reader quotes TechRepublic:
The city of Munich has suggested it will cost too much to carry on using Linux alongside Windows, despite having spent millions of euros switching PCs to open-source software... "Today, with a Linux client-centric environment, we are often confronted with major difficulties and additional costs when it comes to acquiring and operating professional application software," the city council told the German Federation of Taxpayers. Running Linux will ultimately prove unsustainable, suggests the council, due to the need to also keep a minority of Windows machines to run line-of-business software incompatible with Linux. "In the long term, this situation means that the operation of the non-uniform client landscape can no longer be made cost-efficient"... Since completing the multi-year move to LiMux, a custom-version of the Linux-based OS Ubuntu, the city always kept a smaller number of Windows machines to run incompatible software. As of last year it had about 4,163 Windows-based PCs, compared to about 20,000 Linux-based PCs.
The assessment is at odds with a wide-ranging review of the city's IT systems by Accenture last year, which found that most of the problems stem not from the use of open-source software, but from inefficiencies in how Munich co-ordinates the efforts of IT teams scattered throughout different departments. Dr. Florian Roth, leader of the Green Party at Munich City Council, said the review had also not recommended a wholesale shift to Windows. "The Accenture report suggested to run both systems because the complete 'rollback' to Windows and MS Office would mean a waste of experience, technology, work and money," he said... The city's administration is investigating how long it would take and how much it would cost to build a Windows 10 client for use by the city's employees. Once this work is complete, the council will vote again in November on whether this Windows client should replace LiMux across the authority from 2021.
A taxpayer's federation post urged "Penguin, adieu!" -- while also admitting that returning to Windows "will devour further tax money in the millions," according to TechRepublic.
"The federation's post also makes no mention of the licensing and other savings achieved by switching to LiMux, estimated to stand at about €10m."

An anonymous reader writes:
Tech companies are competing to serve the wealthy, argues the winner of the 2006 Nobel Peace Prize, complaining there's no "global vision," with big innovations instead "designed and dedicated mostly for commercial successes... while trillions of dollars are invested in developing robotics and artificial intelligence for military and commercial purposes, there is little interest in applying technology to overcome the massive human problems of the world." A genius in the tech industry "can dedicate his work to creating a medical breakthrough that will save thousands of lives -- or he can develop an app that will let people amuse themselves."
As an exception, he cites the low-cost Endless computer, which runs Linux and has 50,000 Wikipedia articles pre-installed to enable offline research -- plus more than 100 applications -- for a price of just $79. "One part of Endless's business is operated like a conventional, profit-seeking company, while the other part is a social business that provides underserved populations with educational, health, and creative services they were once denied. Endless is already being shipped around the globe by four of the five largest computer manufacturers. It has become the leading PC platform in Indonesia and much of Southeast Asia. It has also been selected as the standard operating system for the Brazilian Ministry of Education, and in coming months it will be adopted as the primary platform by a number of other Latin American countries."
The article is by Muhammad Yunus, who pioneered the concepts of microcredit and microfinance, and is taken from his new book, A World of Three Zeros: The New Economics of Zero Poverty, Zero Unemployment, and Zero Net Carbon Emissions.

Saturday's tweet from Julian Assange says it all:
"My deepest thanks to the US government, Senator McCain and Senator Lieberman for pushing Visa, MasterCard, PayPal, AmEx, Moneybookers, et al, into erecting an illegal banking blockade against @WikiLeaks starting in 2010. It caused us to invest in Bitcoin -- with > 50000% return."
Assange's tweet was accompanied by a graph showing the massive spike in the price of bitcoin -- though most of that growth occurred in the last year.

An anonymous reader quotes Mashable:
The Dubai police, which already has luxury patrol cars, self-driving pursuit drones, and a robot officer, just announced it will soon have officers buzzing around on hoverbikes, which look like an early version of the speeder bikes used by the scout troopers on Endor in Return of the Jedi. The force (see what I did there?) unveiled its new Hoversurf Scorpion craft at the Gitex Technology Week conference, according to UAE English language publication Gulf News. The police force will use the hoverbike for emergency response scenarios, giving officers the ability to zoom over congested traffic conditions by taking to the air... The Scorpion can also fly autonomously for almost four miles at a time for other emergencies.
The fully-electric hoverbike stays aloft for about 25 minutes per charge at a top speed around 43 mph.
Gulf News also reported that Dubai police "unveiled robotic vehicles which will be equipped with biometric software to scan for wanted criminals and undesirable elements."

Slashdot reader Templer421 quotes the Wall Street Journal's report [non-paywalled version here] on DARPA's "Financial Markets Vulnerabilities Project":
Dozens of high-speed traders and others from Wall Street are helping the Pentagon study how hackers could unleash chaos in the U.S. financial system. The Department of Defense's research arm over the past year and a half has consulted executives at high-frequency trading firms and quantitative hedge funds, and people from exchanges and other financial companies, participants in the discussions said. Officials described the effort as an early-stage pilot project aimed at identifying market vulnerabilities... Participants described meetings as informal sessions in which attendees brainstorm about how hackers might try to bring down U.S. markets, then rank the ideas by feasibility.
Among the potential scenarios: Hackers could cripple a widely used payroll system; they could inject false information into stock-data feeds, sending trading algorithms out of whack; or they could flood the stock market with fake sell orders and trigger a market crash... "We started thinking a couple years ago what it would be like if a malicious actor wanted to cause havoc on our financial markets," said Wade Shen, who researched artificial intelligence at the Massachusetts Institute of Technology before joining Darpa as a program manager in 2014.

An anonymous reader quotes McClatchy:
Pizza Hut told customers by email on Saturday that some of their personal information may have been compromised. Some of those customers are angry that it took almost two weeks for the fast food chain to notify them. According to a customer notice emailed from the pizza chain, those who placed an order on its website or mobile app between the morning of Oct. 1 and midday Oct. 2 might have had their information exposed. The "temporary security intrusion" lasted for about 28 hours, the notice said, and it's believed that names, billing ZIP codes, delivery addresses, email addresses and payment card information -- meaning account number, expiration date and CVV number -- were compromised... A call center operator told McClatchy that about 60,000 people across the U.S. were affected.
"[W]e estimate that less than one percent of the visits to our website over the course of the relevant week were affected," read a customer notice sent only to those affected, offering them a free year of credit monitoring. But that hasn't stopped sarcastic tweets like this from the breach's angry victims.
"Hey @pizzahut, thanks for telling me you got hacked 2 weeks after you lost my cc number. And a week after someone started using it."

Speaking at Oxford, Apple CEO Tim Cook shared a lesson learned from the "spectacular" commercial failure of the Power Mac G4 Cube in 2000 -- and from his mentor Steve Jobs. An anonymous reader quotes Business Insider:
"It was a very important product for us, we put a lot of love into it, we put enormous engineering into it," Cook said of the G4 Cube on stage. He calls it an "engineering marvel." At the time, Cook was Apple Senior VP of Worldwide Operations, recruited personally by then-CEO Steve Jobs... While the design was a hit, it was $200 more expensive than the regular Power Mac G4, a more traditional-looking PC with very similar specs. And some Cubes would develop cosmetic cracks in the acrylic cube casing due to a manufacturing flaw. In his talk, Cook says that Apple knew the Cube was flopping "from the very first day, almost..."
Ultimately, Cook says, it was a lesson in humility and pride. Apple had told both employees and customers that the G4 Cube was the future. And yet, despite Apple's massive hype, demand just wasn't there, and the company had to walk away. "This was another thing that Steve [Jobs] taught me, actually," says Cook. "You've got to be willing to look yourself in the mirror and say I was wrong, it's not right." In a broader sense, Cook says that Jobs taught him the value of intellectual honesty -- that, no matter how much you care about something, you have to be willing to take new data and apply it to the situation.
He advised his audience to "be intellectually honest -- and have the courage to change."
And the article points out that today there's a small but enthusiastic community who are still hacking their Power Mac G4 Cubes.

China now has more laboratory scientists than any other country in the world, reports Amy Qin in the New York Times, and spends more on research than the entire European Union.
But in its rush to dominance, China has stood out in another, less boastful way. Since 2012, the country has retracted more scientific papers because of faked peer reviews than all other countries and territories put together, according to Retraction Watch, a blog that tracks and seeks to publicize retractions of research papers... In April, a scientific journal retracted 107 biology research papers, the vast majority of them written by Chinese authors, after evidence emerged that they had faked glowing reviews of their articles. Then, this summer, a Chinese gene scientist who had won celebrity status for breakthroughs once trumpeted as Nobel Prize-worthy was forced to retract his research when other scientists failed to replicate his results. At the same time, a government investigation highlighted the existence of a thriving online black market that sells everything from positive peer reviews to entire research articles... In part, these numbers may simply reflect the enormous scale of the world's most populous nation. But Chinese scientists also blame what they call the skewed incentives they say are embedded within their nation's academic system.